Пример #1
0
 def test_input_request_to_homepage_should_be_logged_in_elasticsearch_backend(self, user):
     with log_with_data(related_objects=[user]):
         with capture_security_logs() as logged_data:
             assert_http_ok(self.get('/home/?name=value'))
             elasticsearch_input_request_log = ElasticsearchInputRequestLog.get(
                 id=logged_data.input_request[0].id
             )
             assert_equal_model_fields(
                 elasticsearch_input_request_log,
                 request_headers='{"Cookie": "[Filtered]"}',
                 request_body='',
                 user_id=None,
                 method='GET',
                 host='testserver',
                 path='/home/',
                 queries='{"name": "value"}',
                 is_secure=False,
                 ip='127.0.0.1',
                 view_slug='home',
                 slug=None,
                 time=(elasticsearch_input_request_log.stop - elasticsearch_input_request_log.start).total_seconds(),
                 extra_data={},
                 error_message=None,
                 response_code=200,
                 response_headers='{"Content-Type": "text/html; charset=utf-8", "X-Frame-Options": "DENY"}',
                 response_body='home page response',
                 state=RequestLogState.INFO,
             )
             assert_equal(
                 [rel_obj for rel_obj in elasticsearch_input_request_log.related_objects],
                 ['default|3|{}'.format(user.id)]
             )
Пример #2
0
 def test_input_request_to_homepage_should_be_logged_in_sql_backend(self, user):
     with log_with_data(related_objects=[user]):
         assert_http_ok(self.get('/home/?name=value'))
         assert_equal(SQLInputRequestLog.objects.count(), 1)
         sql_input_request_log = SQLInputRequestLog.objects.get()
         assert_equal_model_fields(
             sql_input_request_log,
             request_headers={'Cookie': '[Filtered]'},
             request_body='',
             user_id=None,
             method='GET',
             host='testserver',
             path='/home/',
             queries={'name': 'value'},
             is_secure=False,
             ip='127.0.0.1',
             view_slug='home',
             slug=None,
             time=(sql_input_request_log.stop - sql_input_request_log.start).total_seconds(),
             extra_data={},
             error_message=None,
             response_code=200,
             response_headers={'Content-Type': 'text/html; charset=utf-8', 'X-Frame-Options': 'DENY'},
             response_body='home page response',
             state=RequestLogState.INFO,
         )
         assert_equal([rel_obj.object for rel_obj in sql_input_request_log.related_objects.all()], [user])
Пример #3
0
    def test_input_request_to_homepage_should_be_logged_in_elasticsearch_backend_through_logstash(self, user):
        with log_with_data(related_objects=[user]):
            with capture_security_logs() as logged_data:
                with self.assertLogs('security.logstash', level='INFO') as cm:
                    assert_http_ok(self.get('/home/?name=value'))
                    input_request_log = logged_data.input_request[0]
                    assert_equal(len(cm.output), 2)
                    request_log, response_log = cm.output

                    request_log_expected_data = {
                        'slug': None,
                        'release': None,
                        'related_objects': ['|'.join(str(v) for v in get_object_triple(user))],
                        'extra_data': {},
                        'parent_log': None,
                        'request_headers': '{"Cookie": "[Filtered]"}',
                        'request_body': '',
                        'user_id': None,
                        'method': 'GET',
                        'host': 'testserver',
                        'path': '/home/',
                        'queries': '{"name": "value"}',
                        'is_secure': False,
                        'ip': '127.0.0.1',
                        'start': not_none_eq_obj,
                        'view_slug': 'home',
                        'state': 'INCOMPLETE'
                    }
                    response_log_expected_data = {
                        **request_log_expected_data,
                        'state': 'INFO',
                        'stop': not_none_eq_obj,
                        'time': not_none_eq_obj,
                        'response_body': 'home page response',
                        'response_code': 200,
                        'response_headers': '{"Content-Type": "text/html; charset=utf-8", ''"X-Frame-Options": "DENY"}',
                    }

                    assert_equal_logstash(
                        request_log,
                        'security-input-request-log',
                        0,
                        input_request_log.id,
                        request_log_expected_data
                    )
                    assert_equal_logstash(
                        response_log,
                        'security-input-request-log',
                        9999,
                        input_request_log.id,
                        response_log_expected_data
                    )
Пример #4
0
 def test_command_with_response_should_be_logged_with_parent_data(self, user):
     responses.add(responses.POST, 'http://localhost/test', body='test')
     with log_with_data(related_objects=[user], slug='TEST', extra_data={'test': 'test'}):
         with capture_security_logs() as logged_data:
             test_call_command('test_command_with_response')
             command_logger = logged_data.command[0]
             output_request_logger = logged_data.output_request[0]
             assert_equal(output_request_logger._get_parent_with_id(), command_logger)
             assert_equal(command_logger.slug, 'TEST')
             assert_equal(command_logger.related_objects, {get_object_triple(user)})
             assert_equal(command_logger.extra_data, {'test': 'test'})
             assert_equal(output_request_logger.slug, 'TEST')
             assert_equal(output_request_logger.related_objects, {get_object_triple(user)})
             assert_equal(output_request_logger.extra_data, {'test': 'test'})
Пример #5
0
 def test_error_command_should_be_logged_in_sql_backend(self, user):
     with log_with_data(related_objects=[user]):
         with assert_raises(RuntimeError):
             test_call_command('test_error_command')
         assert_equal(SQLCommandLog.objects.count(), 1)
         sql_command_log = SQLCommandLog.objects.get()
         assert_equal_model_fields(
             sql_command_log,
             name='test_error_command',
             input='',
             is_executed_from_command_line=False,
             time=(sql_command_log.stop - sql_command_log.start).total_seconds(),
             state=CommandState.FAILED,
             output=None,
         )
         assert_is_not_none(sql_command_log.error_message)
         assert_equal([rel_obj.object for rel_obj in sql_command_log.related_objects.all()], [user])
Пример #6
0
 def test_command_should_be_logged_in_sql_backend(self, user):
     with log_with_data(related_objects=[user]):
         test_call_command('test_command', verbosity=0)
         assert_equal(SQLCommandLog.objects.count(), 1)
         sql_command_log = SQLCommandLog.objects.get()
         assert_equal_model_fields(
             sql_command_log,
             name='test_command',
             input='verbosity=0',
             is_executed_from_command_line=False,
             time=(sql_command_log.stop - sql_command_log.start).total_seconds(),
             state=CommandState.SUCCEEDED,
             error_message=None,
         )
         assert_is_not_none(sql_command_log.output)
         assert_equal([rel_obj.object for rel_obj in sql_command_log.related_objects.all()], [user])
         assert_equal(get_logs_related_with_object(LoggerName.COMMAND, user), [sql_command_log])
Пример #7
0
    def test_error_command_should_be_logged_in_elasticsearch_backend_through_logstash(self, user):
        with capture_security_logs() as logged_data:
            with log_with_data(related_objects=[user]):
                with self.assertLogs('security.logstash', level='INFO') as cm:
                    with assert_raises(RuntimeError):
                        test_call_command('test_error_command')
                    command_log = logged_data.command[0]
                    assert_equal(len(cm.output), 2)
                    start_log, error_log = cm.output

                    start_log_expected_data = {
                        'slug': None,
                        'release': None,
                        'related_objects': ['|'.join(str(v) for v in get_object_triple(user))],
                        'extra_data': {},
                        'parent_log': None,
                        'name': 'test_error_command',
                        'input': '',
                        'is_executed_from_command_line': False,
                        'start': not_none_eq_obj,
                        'state': 'ACTIVE'
                    }
                    error_log_expected_data = {
                        **start_log_expected_data,
                        'stop': not_none_eq_obj,
                        'error_message': not_none_eq_obj,
                        'state': 'FAILED',
                        'time': not_none_eq_obj
                    }

                    assert_equal_logstash(
                        start_log,
                        'security-command-log',
                        0,
                        command_log.id,
                        start_log_expected_data
                    )
                    assert_equal_logstash(
                        error_log,
                        'security-command-log',
                        9999,
                        command_log.id,
                        error_log_expected_data
                    )
Пример #8
0
 def test_error_command_should_be_logged_in_elasticsearch_backend(self, user):
     with capture_security_logs() as logged_data:
         with log_with_data(related_objects=[user]):
             with assert_raises(RuntimeError):
                 test_call_command('test_error_command')
             elasticsearch_command_log = ElasticsearchCommandLog.get(
                 id=logged_data.command[0].id
             )
             assert_equal_model_fields(
                 elasticsearch_command_log,
                 name='test_error_command',
                 input='',
                 is_executed_from_command_line=False,
                 time=(elasticsearch_command_log.stop - elasticsearch_command_log.start).total_seconds(),
                 state=CommandState.FAILED,
                 output=None,
             )
             assert_is_not_none(elasticsearch_command_log.error_message)
             assert_equal(
                 [rel_obj for rel_obj in elasticsearch_command_log.related_objects],
                 ['default|3|{}'.format(user.id)]
             )
Пример #9
0
 def test_command_should_be_logged_in_elasticsearch_backend(self, user):
      with capture_security_logs() as logged_data:
         with log_with_data(related_objects=[user]):
             test_call_command('test_command', verbosity=0)
             elasticsearch_command_log = ElasticsearchCommandLog.get(
                 id=logged_data.command[0].id
             )
             assert_equal_model_fields(
                 elasticsearch_command_log,
                 name='test_command',
                 input='verbosity=0',
                 is_executed_from_command_line=False,
                 time=(elasticsearch_command_log.stop - elasticsearch_command_log.start).total_seconds(),
                 state=CommandState.SUCCEEDED,
                 error_message=None,
             )
             assert_is_not_none(elasticsearch_command_log.output)
             assert_equal(
                 [rel_obj for rel_obj in elasticsearch_command_log.related_objects],
                 ['default|3|{}'.format(user.id)]
             )
             ElasticsearchCommandLog._index.refresh()
             assert_equal(get_logs_related_with_object(LoggerName.COMMAND, user), [elasticsearch_command_log])
Пример #10
0
 def test_slug_and_related_data_should_be_send_to_input_request_logger(self, user):
     with log_with_data(related_objects=[user], slug='TEST'):
         with capture_security_logs() as logged_data:
             assert_http_ok(self.get('/home/'))
             assert_equal(logged_data.input_request[0].related_objects, {get_object_triple(user)})
             assert_equal(logged_data.input_request[0].slug, 'TEST')